| From a583fda214845fe7a041ea3c383924e514e45ed8 Mon Sep 17 00:00:00 2001 |
| From: Ard Biesheuvel <ard.biesheuvel@linaro.org> |
| Date: Tue, 11 Oct 2016 19:15:20 +0100 |
| Subject: [PATCH] crypto: arm/aes-ce - fix for big endian |
| |
| commit 58010fa6f71c9577922b22e46014b95a4ec80fa0 upstream. |
| |
| The AES key schedule generation is mostly endian agnostic, with the |
| exception of the rotation and the incorporation of the round constant |
| at the start of each round. So implement a big endian specific version |
| of that part to make the whole routine big endian compatible. |
| |
| Fixes: 86464859cc77 ("crypto: arm - AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions") |
| Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/arch/arm/crypto/aes-ce-glue.c b/arch/arm/crypto/aes-ce-glue.c |
| index aef022a87c53..04410d9f5e72 100644 |
| --- a/arch/arm/crypto/aes-ce-glue.c |
| +++ b/arch/arm/crypto/aes-ce-glue.c |
| @@ -88,8 +88,13 @@ static int ce_aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key, |
| u32 *rki = ctx->key_enc + (i * kwords); |
| u32 *rko = rki + kwords; |
| |
| +#ifndef CONFIG_CPU_BIG_ENDIAN |
| rko[0] = ror32(ce_aes_sub(rki[kwords - 1]), 8); |
| rko[0] = rko[0] ^ rki[0] ^ rcon[i]; |
| +#else |
| + rko[0] = rol32(ce_aes_sub(rki[kwords - 1]), 8); |
| + rko[0] = rko[0] ^ rki[0] ^ (rcon[i] << 24); |
| +#endif |
| rko[1] = rko[0] ^ rki[1]; |
| rko[2] = rko[1] ^ rki[2]; |
| rko[3] = rko[2] ^ rki[3]; |
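Review bot: In the big-endian branch, `rcon[i] << 24` is evaluated as a signed `int` if `rcon` holds 8-bit values, which cannot be confirmed here because its declaration is outside this hunk. In that case the AES round constant 0x80 would be shifted into the sign bit, and `rko[0] = rko[0] ^ rki[0] ^ ((u32)rcon[i] << 24);` keeps the arithmetic unsigned without relying on compiler flags. The `#ifndef`/`#else` pair also has no comment explaining why the two paths differ; something like `/* big endian: rotate the other way and put the round constant in the most significant byte */` above the `#else` body would save the next reader a trip to the commit log. The enclosing loop and `ce_aes_expandkey` itself begin and end outside the hunk, so the rest of the key schedule is not reviewed here.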
| -- |
| 2.10.1 |
| |